Mozilla Foundation Security Advisory 2008-09

Mishandling of locally-saved plain text files

Announced

February 7, 2008

Reporter

oo.rio.oo

Impact

Low

Products

Firefox, SeaMonkey

Fixed in

Firefox 2.0.0.12

SeaMonkey 1.1.8

Description

Mozilla contributor oo.rio.oo demonstrated that
once a file with Content-Disposition: attachment and
(improper) Content-Type: plain/text is saved locally,
the browser would no longer open local files with .txt extensions
for viewing, but would rather prompt the user to save the file.